Vulnerability Description
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Seamonkey | <= 1.0.1 |
| Mozilla | Thunderbird | <= 1.5.0.3 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/20382Vendor Advisory
- http://secunia.com/advisories/20394Vendor Advisory
- http://secunia.com/advisories/20709Vendor Advisory
- http://secunia.com/advisories/21134Vendor Advisory
- http://secunia.com/advisories/21178Vendor Advisory
- http://secunia.com/advisories/21183Vendor Advisory
- http://secunia.com/advisories/21210Vendor Advisory
- http://secunia.com/advisories/21269Vendor Advisory
- http://secunia.com/advisories/21324Vendor Advisory
- http://secunia.com/advisories/21336Vendor Advisory
- http://secunia.com/advisories/21607Vendor Advisory
- http://secunia.com/advisories/21631Vendor Advisory
- http://secunia.com/advisories/22065Vendor Advisory
- http://securitytracker.com/id?1016214
FAQ
What is CVE-2006-2781?
CVE-2006-2781 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary cod...
How severe is CVE-2006-2781?
CVE-2006-2781 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2781?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Seamonkey, Mozilla Thunderbird.